Operational Resilience

What is Operational Resilience?

Operational resilience is an organisation’s ability to detect, prevent, respond to, recover and learn from operational disruptions that may impact delivery of important business and economic functions or underlying business services. 

The key components of operational resilience - which include defining and understanding important business services and impact tolerance, as well as completing end-to-end mapping, scenario testing, and regular self-assessments - are essential guideposts on the road to resiliency.

Why is it important?

Resilience is ingrained in our vocabulary, especially in today’s challenging business landscape. In its simplest form, resilience can be defined as the ability to recover from setbacks. Unlike risk, which has a probabilistic component and creates significant uncertainty, operational resilience must be contemplated as an inevitability.

Systems will fail, cyber-attacks will be successful, and pandemics will occur. Having a firm understanding of how to minimise the impact of a disruption to your external stakeholders and the broader economy, knowing where your organisation’s vulnerabilities lie, and developing your foundational elements  (e.g., cyber, business, third-party, and technology resilience) will help your organisation recover more quickly and minimise customer harm.

What is the connection between operational resilience and business continuity management? 

Business Continuity Management (BCM) is the design, development, implementation and maintenance of strategies, teams, plans and actions that provide protection over, or alternative modes of operation for, those activities or business processes which, if they were to be interrupted, might bring about seriously damaging or potentially significant loss to an enterprise.

Read Our Blogs:

• Operational Successes and Failures
• Measuring Impact Tolerance with FAIR
• Beyond BCM: Building Resilience

Assessing Your Organisation’s Resilience

Protiviti’s experts will partner with your organisation to enhance its operational resilience. Our process involves:

• Identifying Important Business Services. We will help you understand and identify your important business services and processes. Business services are defined as “important” if their disruption poses a risk to an institution’s safety and soundness or financial stability.   
• Establishing Front-to-Back Mapping of Business Services. Our team will build upon existing practices to establish and maintain comprehensive mapping of your important processes, applications, third parties, and other components that contribute to delivery of business services.   
• Understanding and Establishing Impact Tolerance. Our experts will help your organisation establish impact tolerances for its important business services. Extending beyond traditional recovery time, impact tolerance represents the point at which an interruption (or resilience event) threatens the viability of business services.
• Implementing Appropriate Governance. We will work with you to implement proper governance functions and a resilience program based upon the needs of your organisation’s business services.   
• Testing and Improving. Our experts will assist your team through testing the “extreme but plausible” scenarios to better understand realistic recovery times versus established impact tolerance. 
• Continuing to Evolve Foundational Elements. We will continue to improve your business, cyber, third-party and technology resilience — foundational elements of a solid operational resilience program.
• Conducting Self-Assessment. Our team will review all aspects of your resilience program and identify areas for improvement. This process will include support for self-assessments of your operational resilience program and documenting your methodologies on identifying important business services and establishing impact tolerances. Testing strategy and outcome and planned improvements would also be part of the self-assessment.